From owner-freebsd-questions Mon Nov 20 10:59:22 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from rapidnet.com (rapidnet.com [205.164.216.1]) by hub.freebsd.org (Postfix) with ESMTP id A634C37B4C5; Mon, 20 Nov 2000 10:59:13 -0800 (PST)
Received: from localhost (nick@localhost) by rapidnet.com (8.9.3/8.9.3) with ESMTP id LAA75255; Mon, 20 Nov 2000 11:59:00 -0700 (MST)
Date: Mon, 20 Nov 2000 11:59:00 -0700 (MST)
From: Nick Rogness
To: Hamilton Hoover
Cc: "freebsd-net@freebsd.org", "freebsd-questions@FreeBSD.ORG"
Subject: Re: dual homed gateway system running ipfw and nat. need rules help.
In-Reply-To: <3A196E28.3A9806A1@twopoint.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 20 Nov 2000, Hamilton Hoover wrote:

> Hi all,

Hello.

>
> I am running a dual homed system (2 nics) acting as a gateway/firewall
> for our office T1. The private net uses 192.x.x.x and the public uses a
> 'real' address of 209.x.x.x. The firewall is up and seems to be working
> well. I used rc.firewall "simple" and have customized it to our needs.
> All outgoing requests appear to be originating from the public
> interface. I want to be able to do two things that I have not been able
> to figure out yet.
>
> 1) We keep our pop server on the private net. I need to be able to get
> the incoming mail passed to the mail server that has a 192.x.x.x
> address. I was thinking something like:
>

Incoming from the outside or inside?

> ${fwcmd} pass tcp from any 25 to 192.x.x.x
>

The POP server runs on port 110 not 25, that's SMTP.

> Is this solid or am I opening myself up from more problems. I don't want
> to relay from outside as mail is only checked from inside the private
> side.
>

If you don't want mail from the outside world or users to send mail to the outside world, then this should work.

Is the BSD machine acting as a mail server?

Nick Rogness
- Drive defensively.
  Buy a tank.